The EU’s cyber security Agency, ENISA, is publishing a series of new studies about the current security practices of Trust Service Providers (TSPs) and recommendations for improving cross-border trustworthiness and interoperability for the new regulated TSPs and for e-Government services using them.

Secure governmental e-services are critical for society, e.g. health, procurement, justice. Security is crucial for gaining the trust of EU citizens in using these services. However, there are many security challenges to overcome in order to ensure their successful deployment.

The TSP study underlines that:

A mutual assistance system between supervisory bodies in the Member States should be set up.

Client applications need to guarantee end-to-end encrypted communication with TSPs and e-Government services in order to safeguard EU citizens’ privacy.

The e-Government document uses a few of the European Commission-funded Large Scale Pilots that integrate TSPs (epSOS for health, e-CODEX for justice and PEPPOL for procurement) as case studies. These cases are used to analyse current practices and identify gaps and areas where improvements can be made.

In this report, the Agency issues detailed recommendations on technical security practices for TSPs and the e-Government services using them, including time-stamping, e-delivery, long-term preservation and e-signature validation.

Promote Trusted Marks assessed against eIDAS requirements that would be recognised across borders.

Trust Services should be developed in a European scope, complying with both EU and local legislation.

Specific Business Continuity Management standards should be adopted in the provision of trusted services (by TSPs) and required by e-Government customers.

Based on the criticality of the e-government services, they should always assess three aspects:

the strength of the authentication mechanisms to be used, encouraging the use of e-Signature,

the need for end-to-end encryption and

the need for audit trails to keep electronic evidence.

The guidelines for Trust Service Providers give recommendations in the areas of legal and regulatory framework of TSPs, risk assessment for TSPs and mitigation of security incidents. The main points highlighted by the reports include:

The Executive Director of ENISA, Professor Udo Helmbrecht, stated: “It is vital for business and governments across Europe that citizens trust their online services and therefore implement the best technical e-signature solutions. These best practices need to be constantly reviewed through frequent risk analysis in order to keep up with the technical developments and overcome evolving cyber security challenges.”
